Arbitrary File Deletion Vulnerability in Dell SupportAssist Client
CVE-2021-36286

7.1 HIGH

Key Information:

Vendor: Dell
CVE Published: 28 September 2021

Summary

The Dell SupportAssist Client Consumer, versions 3.9.13.0 and earlier, is impacted by a vulnerability that allows non-privileged users to exploit NTFS symbolic links and junction points. This issue arises when the SupportAssist application's functionality to clean files fails to properly differentiate between junction points and physical folders. By leveraging this flaw, an attacker can manipulate the system to delete arbitrary files that typically require administrative access, thus posing a significant risk to system integrity.
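
The missing check described above, shown as an added example (not Dell's code and not from the original advisory): a cleanup routine that treats symlinks and reparse points as links to skip, never as folders to descend into. The names `is_link_like`, `safe_clean` and `demo` are hypothetical, and the demo layout is constructed, with a symlink standing in for a junction.

```python
import os
import stat
import tempfile

# Windows attribute bit set on junctions, symlinks and other reparse points.
FILE_ATTRIBUTE_REPARSE_POINT = 0x400

def is_link_like(path):
    """True if path is a symlink or an NTFS reparse point (e.g. a junction)."""
    st = os.lstat(path)  # lstat describes the link itself, not its target
    attrs = getattr(st, "st_file_attributes", 0)  # field exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)

def safe_clean(root):
    """Delete regular files under root without following any link.

    Returns (deleted, skipped) lists of paths. Hypothetical helper.
    """
    deleted, skipped = [], []
    if is_link_like(root):
        return deleted, [root]
    stack = [root]
    while stack:
        current = stack.pop()
        for name in os.listdir(current):
            path = os.path.join(current, name)
            if is_link_like(path):
                skipped.append(path)   # report it, do not follow or delete it
            elif os.path.isdir(path):
                stack.append(path)     # a physical folder: safe to descend
            else:
                os.remove(path)
                deleted.append(path)
    return deleted, skipped

def demo():
    """Constructed layout: a cache folder containing a link to a protected folder."""
    base = tempfile.mkdtemp()
    protected = os.path.join(base, "protected")
    cache = os.path.join(base, "cache")
    os.makedirs(protected)
    os.makedirs(os.path.join(cache, "sub"))
    for p in (os.path.join(protected, "keep.txt"),
              os.path.join(cache, "sub", "tmp.log")):
        open(p, "w").close()
    os.symlink(protected, os.path.join(cache, "link"))  # stands in for a junction
    deleted, skipped = safe_clean(cache)
    return (os.path.exists(os.path.join(protected, "keep.txt")),
            [os.path.basename(p) for p in deleted],
            [os.path.basename(p) for p in skipped])
```

The check and the delete are separate operations, so a privileged cleaner should also keep its working folders in a location that unprivileged users cannot write to.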

Affected Version(s)

SupportAssist Client Consumer <= 3.9.13.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
